class UsersController < ApplicationController
  before_filter :except => [:edit, :update, :show, :logged_in] do |controller|
    controller.authorize_permissions({:blocked_permissions => (User::PermissionLevels - ["admin", "supervisor"])})
  end
  
  def logged_in
    @courier = @current_user.courier
    
    respond_to do |format|
      format.html # index.html.erb
      format.json  { render :json => [@courier] }
    end
  end

  # GET /users
  # GET /users.json
  def index
    @title = "View Users"

    conditions = {}
    # Supervisors can only see users at their location
    if @current_user.permission_level == "supervisor"
      conditions[:location_id] = @current_user.location_id
    end
    
    @users = User.find(:all, :conditions => conditions, :order => :account_name)
    @page_results = @users.paginate(:page => params[:page], :per_page => 10)

    respond_to do |format|
      format.html # index.html.erb
      format.json  { render :json => @users }
    end
  end

  # GET /users/1
  # GET /users/1.json
  def show
    @user = User.find(params[:id])
    @title = "View User: " + @user.real_name

    respond_to do |format|
      format.html # show.html.erb
      format.json  { render :json => [@user] }
    end
  end

  # GET /users/new
  # GET /users/new.json
  def new
    @title = "New User"
    @user = User.new

    @supervisor = @current_user.permission_level == "supervisor"
	
    respond_to do |format|
      format.html # new.html.erb
      format.json  { render :json => @user }
    end
  end

  # GET /users/1/edit
  def edit
    @user = User.find(params[:id])
    
    if @current_user.can_edit?(@user)
      @title = "Edit User: " + @user.real_name
      @supervisor = @current_user.permission_level == "supervisor"
    else
      permissions_error_page
    end
  end

  # POST /users
  # POST /users.json
  def create
    @user = User.new(params[:user])
	
    if @user.permission_level == "courier"
      @user.courier = Courier.new
    end
	
    respond_to do |format|
      if @user.save	  
        flash[:notice] = "User #{@user.account_name} was successfully created."
        format.html { redirect_to users_path }
        format.json  { render :json => @user, :status => :created, :location => @user }
      else
		@title = "New User"
        format.html { render 'new' }
        format.json  { render :json => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  # PUT /users/1
  # PUT /users/1.json
  def update
    @user = User.find(params[:id])
	
    # Redirect to appropriate page depending on if they edit their own account
    if (["admin", "supervisor"].include? @current_user.permission_level)
      @redirect_path = users_path
    else
      @redirect_path = items_path
    end
	
    respond_to do |format|
      if @user.update_attributes(params[:user])
        flash[:notice] = 'User ' + @user.account_name + ' was successfully updated.'
		# Need to redirect to correct spot if not an admin
        format.html { redirect_to @redirect_path }
        format.json  { head :ok }
      else
		@title = "Edit User: " + @user.real_name
        format.html { render 'edit' }
        format.json  { render :json => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  # DELETE /users/1
  # DELETE /users/1.json
  def destroy
    @user = User.find(params[:id])
    if not @user.id == session[:user_id]
      flash[:notice] = @user.real_name + " deleted"
      @user.destroy
    else
      flash[:notice] = "You can't delete yourself"
    end
    respond_to do |format|
      format.html { redirect_to(users_url) }
      format.json  { head :ok }
    end
  end
end
